In July 2018, The Wall Street Journal published a report in which they accused crypto exchange Shapeshift of helping hackers in laundering stolen funds to the tune of $9 million through their platform. The report at the time stated that the funds were being converted to various coins including privacy coins like Monero (XMR).
Soon after this report came out, Shapeshift denied all allegations of money launching, with their CEO Erik Vorhees stating that they had been working with the newspaper for months, but the paper did not have enough understanding of crypto exchanges to make such claims.
Besides this, Shapeshift, who have been forced to lay off some staff in recent times, also commissioned CipherBlade to investigate the Journal’s report and their findings were published in a March 20, 2019 blog post.
Misrepresentation of Evidence
According to the blog post, the claims that Shapeshift was involved in the laundering of $9 million is overstated by at least four times.
One of the reasons for this is that their methodology was flawed, according to ShapeShift. The Wall Street Journal traced the laundering through no more than two different addresses before reaching an exchange. According to CipherBlade, the tracing of funds through multiple transactions is difficult in itself and presenting the total contents of subsequent wallets as illicit is a forensically unsound move.
What would have been a better move, CipherBlade says, would have been to trace individual illicit coins and not to declare all the content of the final destination as illicit in themselves.
“Of the ShapeShift addresses which receive ETH within three hops from the initial dirty addresses, less than half of the ETH traded through them are tainted. Using the most generous assumptions, this is still only 23.53 percent of the WSJ’s claimed $9 million,” the post says.
Furthermore, CipherBlade claims that the data that The Wall Street Journal presented does not even support their conclusion.
The claims about the use of privacy coins were examined, and it was found that of the 5,523 addresses that were identified as part of the trading accounts, only 30.38 percent of the BTC and 5.53 percent of the ETH that were sent it those addresses were exchanged for privacy coins.